Security News

Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
2020-03-11 01:31

Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software, making the March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products - Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio - that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity.

Microsoft Patch Tuesday, March 2020 Edition
2020-03-10 23:44

Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you use Windows, please take a moment to read this post, back up your system(s), and patch your PCs. All told, this patch batch addresses at least 115 security flaws.

March 2020 Patch Tuesday: Microsoft fixes 115 vulnerabilities, Adobe none
2020-03-10 21:04

It's March 2020 Patch Tuesday and Microsoft has dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity. For the time being, Adobe seems to be skipping this Patch Tuesday and there's no indication whether the customary security updates are just delayed or there won't be any at all in the coming days.

Zoho Working on Patch for Zero-Day Vulnerability in ManageEngine Product
2020-03-06 13:50

Business tools development company Zoho says it's working on a patch for a zero-day vulnerability affecting its ManageEngine Desktop Central product. "Since Zoho typically ignores researchers, I figured it was OK to share a ManageEngine Desktop Central zero-day exploit with everyone," Seeley wrote on Twitter.

March 2020 Patch Tuesday forecast: Let’s put the madness behind us
2020-03-06 07:00

The updates were pulled, and we are waiting to see if Microsoft re-releases a more comprehensive fix this patch Tuesday. The advisory specifically stated, "The March 10, 2020 and updates in the foreseeable future will not make changes to LDAP signing or LDAP channel binding policies or their registry equivalent on new or existing domain controllers." These features will be included in the March Patch Tuesday updates, so take advantage and enable them.

Chris Eng: Patch Management Challenges Drive ‘Security Debt’
2020-03-05 19:53

Companies are lagging when it comes to keeping up with software security patches - causing them to fall into "Security debt," Chris Eng, chief research officer with Veracode said. "If you incorporate security in the right way, DevOps is actually a great opportunity to improve the way that you're doing software security. And so I think that's the big takeaway," said Eng.

Zyxel storage, firewall, VPN, security boxes have a give-anyone-on-the-internet-root hole: Patch right now
2020-02-26 21:40

Zyxel's network storage boxes, business VPN gateways, firewalls, and, er, security scanners can be remotely hijacked by any miscreant, due to a devastating security hole in the firmware. If a miscreant can't directly connect to a vulnerable Zyxel device, "There are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable device," noted Carnegie Mellon's CERT Coordination Center in its advisory on the matter.

A new RCE in OpenSMTPD’s default install, patch available
2020-02-25 10:18

Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD's mail server, comes another call to upgrade to the latest version, as two additional security holes have been plugged. CVE-2020-8794 is an out-of-bounds read flaw introduced in December 2015 and can - depending on the vulnerable OpenSMTPD version - lead to the execution of arbitrary shell commands either as root or as any non-root user.